Privacy vs safety a paramount concern

Posted by ED for JC

The referenced TriCities.com article articulates with great clarity where the focus of the privacy debate should be: Privacy vs. Safety. We should expect our health data to be treated with the utmost of privacy and confidentiality…but to the detriment of our own safety? Some privacy wonks say that HIPAA protects no one. Really?

Yes, HIPAA permits covered entities to use our data without authorization for "TPO" – treatment, payment and operations. Thus if one is unconscious and can’t sign a consent form, its ok to look at that person’s record. If a third party (payor) is responsible for payment, its ok to send a claim without patient consent. This seems safe to me, especially because HIPAA has mechanisms in place (through BAA contract) that requires that any entity receiving the data use it for the specific purpose intended (payment of a claim, for instance). It also requires a minimum necessary standard. Only the minimum amount of data (not the 130 page medical record) can be supplied for payment of a claim, unless required.

Some privacy groups say this standard isn’t adequate. They say that anytime anyone accesses our data it must be accompanied with a signed consent form. Even in the area of public health, where breakouts are monitored and patient data must be accessed quickly, some privacy groups contend that if a person doesn’t want their data shared, it shouldn’t. Should privacy be placed above public safety? Isn’t this the key question? Within this context, what does VA Tech teach us?

This is a difficult debate but simple common sense can get us beyond many issues. Its easy to crusade behind an "I’m-for-the-small-guy" mask. I identify with the underdog too. I just want that underdog to be safe. I want to be safe. And by the way, I AM the underdog. Aren’t most of us?

I’m ok with hospitals having my data for TPO, but the privacy groups want to force hospitals and others to go through hoops when my life is in danger. They want me to get behind the idea that HIPAA doesn’t go far enough. Perhaps there are changes that could be made and as an underdog, I’m open to that possibility. But we must be careful not to create an environment that makes all of us less safe, shouldn’t we?

There is a delicate balance between privacy and safety. Perhaps we should err on the side of safety. I’m interested in how some privacy groups justify their position in light of VA Tech. This is an acid test. To use VA Tech for political purposes is immoral, to be sure, but for testing standards it provides a meaningful and absolutely necessary exercise.


John Casillas
Chair, Medical Banking Institute
Executive Director, Medical Banking Project
320 Main St., Ste. 230
Franklin, TN 37064
v: 615.794.2009, ext. 3
f: 615.794.1481
http://www.mbproject.org